CVE-2008-0504

EUVD-2008-0514
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
coppermine-gallerycoppermine_photo_gallery
𝑥
≤ 1.4.14
coppermine-gallerycoppermine_photo_gallery
1.0
coppermine-gallerycoppermine_photo_gallery
1.0:rc3
coppermine-gallerycoppermine_photo_gallery
1.1
coppermine-gallerycoppermine_photo_gallery
1.1:beta_2
coppermine-gallerycoppermine_photo_gallery
1.1.0
coppermine-gallerycoppermine_photo_gallery
1.2
coppermine-gallerycoppermine_photo_gallery
1.2.0
coppermine-gallerycoppermine_photo_gallery
1.2.0:rc2
coppermine-gallerycoppermine_photo_gallery
1.2.1
coppermine-gallerycoppermine_photo_gallery
1.2.1:b
coppermine-gallerycoppermine_photo_gallery
1.2.1:b-nuke
coppermine-gallerycoppermine_photo_gallery
1.3.0
coppermine-gallerycoppermine_photo_gallery
1.3.1
coppermine-gallerycoppermine_photo_gallery
1.3.2
coppermine-gallerycoppermine_photo_gallery
1.3.3
coppermine-gallerycoppermine_photo_gallery
1.3.4
coppermine-gallerycoppermine_photo_gallery
1.3.5
coppermine-gallerycoppermine_photo_gallery
1.4
coppermine-gallerycoppermine_photo_gallery
1.4.0
coppermine-gallerycoppermine_photo_gallery
1.4.0:alpha
coppermine-gallerycoppermine_photo_gallery
1.4.0:beta
coppermine-gallerycoppermine_photo_gallery
1.4.1
coppermine-gallerycoppermine_photo_gallery
1.4.1:beta
coppermine-gallerycoppermine_photo_gallery
1.4.10
coppermine-gallerycoppermine_photo_gallery
1.4.11
coppermine-gallerycoppermine_photo_gallery
1.4.12
coppermine-gallerycoppermine_photo_gallery
1.4.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://coppermine-gallery.net/forum/index.php?topic=50103.0
http://secunia.com/advisories/28682
http://www.securityfocus.com/archive/1/487351/100/200/threaded
http://www.securityfocus.com/bid/27509
http://www.securitytracker.com/id?1019285
http://www.vupen.com/english/advisories/2008/0367
http://www.waraxe.us/advisory-66.html
http://coppermine-gallery.net/forum/index.php?topic=50103.0
http://secunia.com/advisories/28682
http://www.securityfocus.com/archive/1/487351/100/200/threaded
http://www.securityfocus.com/bid/27509
http://www.securitytracker.com/id?1019285
http://www.vupen.com/english/advisories/2008/0367
http://www.waraxe.us/advisory-66.html